Ubuntu 14.04

OpenStack Liberty : Keystone 設定#2
2015/12/23
 
Keystone にユーザーやロール、OpenStack 各コンポーネントが利用するサービスを登録しておきます。
[1] 環境変数を事前に読み込んでおきます。
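「OS_TOKEN」は keystone.conf で「admin_token」に設定した値
「OS_URL」は Keystone サーバーの管理用 API の URL (ホスト名または IP アドレスで指定)
admin_token は通常のユーザー認証を経ずに管理操作ができる初期設定用のトークンです。推測されにくい値を設定し、初期設定の完了後は OS_TOKEN を unset したうえで、admin_token による認証も無効化することを推奨します。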
root@dlp:~#
export OS_TOKEN=admintoken

root@dlp:~#
export OS_URL=http://10.0.0.30:35357/v3

root@dlp:~#
export OS_IDENTITY_API_VERSION=3

[2] プロジェクトを作成します。
# admin プロジェクト作成

root@dlp:~#
openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | aec599ff5b764f56b24378f4b687fa75 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+

# service プロジェクト作成

root@dlp:~#
openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 54015368c27f4e9b92094d7032228086 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+

# 設定確認

root@dlp:~#
openstack project list

+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 54015368c27f4e9b92094d7032228086 | service |
| aec599ff5b764f56b24378f4b687fa75 | admin   |
+----------------------------------+---------+
[3] ロールを作成します。
# admin ロール作成

root@dlp:~#
openstack role create admin

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 00a6a5d4d8c24796974de26f79b73477 |
| name  | admin                            |
+-------+----------------------------------+

# Member ロール作成

root@dlp:~#
openstack role create Member

+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 208971585fce417ab78c77c0b3fc926b |
| name  | Member                           |
+-------+----------------------------------+

# 設定確認

root@dlp:~#
openstack role list

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 00a6a5d4d8c24796974de26f79b73477 | admin  |
| 208971585fce417ab78c77c0b3fc926b | Member |
+----------------------------------+--------+
[4] ユーザーを作成します。
# admin ユーザー作成 (admin プロジェクト所属)
# ※ --password で指定した値はシェルの履歴やプロセス一覧に残るため、実運用では --password-prompt で対話入力することを推奨

root@dlp:~#
openstack user create --domain default --project admin --password adminpassword admin

+--------------------+----------------------------------+
| Field              | Value                            |
+--------------------+----------------------------------+
| default_project_id | aec599ff5b764f56b24378f4b687fa75 |
| domain_id          | default                          |
| enabled            | True                             |
| id                 | 57df2f052e46428aae0c02e405f37e6f |
| name               | admin                            |
+--------------------+----------------------------------+

# admin ユーザーを admin ロールに加える

root@dlp:~#
openstack role add --project admin --user admin admin
# 設定確認

root@dlp:~#
openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 57df2f052e46428aae0c02e405f37e6f | admin |
+----------------------------------+-------+
[5] サービス用のエントリを作成します。
# keystone 用サービスエントリ作成

root@dlp:~#
openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | fd3e8762b0c44daca819894d2cd085ad |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

# 設定確認

root@dlp:~#
openstack service list

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| fd3e8762b0c44daca819894d2cd085ad | keystone | identity |
+----------------------------------+----------+----------+
[6] エンドポイントを作成します。
以下の例では http の URL を登録していますが、http では認証情報やトークンが平文で流れるため、実運用では TLS (https) の利用を検討してください。
# 自ホストを定義しておく

root@dlp:~#
export controller=10.0.0.30
# keystone 用エンドポイント作成 (public)

root@dlp:~#
openstack endpoint create --region RegionOne identity public http://$controller:5000/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a56afa66c33e4d9f8ad46ef84cf6b507 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fd3e8762b0c44daca819894d2cd085ad |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# keystone 用エンドポイント作成 (internal)

root@dlp:~#
openstack endpoint create --region RegionOne identity internal http://$controller:5000/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d6413fda84b447c9a35e216e18ba6eb9 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fd3e8762b0c44daca819894d2cd085ad |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:5000/v2.0       |
+--------------+----------------------------------+

# keystone 用エンドポイント作成 (admin)

root@dlp:~#
openstack endpoint create --region RegionOne identity admin http://$controller:35357/v2.0

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 238a0aa47af14942838faf92b6f5e152 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fd3e8762b0c44daca819894d2cd085ad |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.0.0.30:35357/v2.0      |
+--------------+----------------------------------+

# 設定確認

root@dlp:~#
openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                         |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+
| 238a0aa47af14942838faf92b6f5e152 | RegionOne | keystone     | identity     | True    | admin     | http://10.0.0.30:35357/v2.0 |
| a56afa66c33e4d9f8ad46ef84cf6b507 | RegionOne | keystone     | identity     | True    | public    | http://10.0.0.30:5000/v2.0  |
| d6413fda84b447c9a35e216e18ba6eb9 | RegionOne | keystone     | identity     | True    | internal  | http://10.0.0.30:5000/v2.0  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------+